#32718: Saving a FileField raises SuspiciousFileOperation in some scenarios.
-------------------------------------+-------------------------------------
     Reporter:  Jakub Kleň           |                    Owner:  Mariusz
                                     |  Felisiak
         Type:  Bug                  |                   Status:  assigned
    Component:  Database layer       |                  Version:  2.2
  (models, ORM)                      |
     Severity:  Release blocker      |               Resolution:
     Keywords:  3.2.1 file model     |             Triage Stage:  Accepted
  filefield fieldfile                |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

 * status:  new => assigned
 * cc: Markus Holtermann (added)
 * needs_better_patch:  1 => 0
 * needs_tests:  1 => 0
 * owner:  nobody => Mariusz Felisiak
 * needs_docs:  1 => 0
 * has_patch:  1 => 0


Comment:

 Thanks y'all for various test projects and detailed reports of encountered
 issues with saving `FileFields`.

 After some discussions, we decided to prepare a patch for
 [https://github.com/django/django/blob/c4ee3b208a2c95a5102b5e4fa789b10f8ee29b84/django/db/models/fields/files.py#L309-L322 FileField.generate_filename()]
 that should solve most of these issues.
 Please see the following points.

 1. If the `filename` passed to `FileField.generate_filename()` is an
 absolute path, it will be converted to `os.path.basename(filename)`.
 2. Validate the `filename` returned by `FileField.upload_to()`, not the
 `filename` passed to `FileField.generate_filename()` (`upload_to()`
 may completely ignore the passed `filename`).
 3. Allow relative paths (without dot segments) in the generated filename.

 We're going to prepare a patch in the next few days.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/32718#comment:29>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
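
The three points from the comment above, sketched as an added example that is not part of the ticket and is not Django's code. `generate_filename()`, `validate_generated_name()`, `is_rejected()` and the exception class here are hypothetical stand-ins, `posixpath` is used in place of `os.path` so the result is the same on every platform, and treating both `.` and `..` as dot segments is an assumption.

```python
import ntpath
import posixpath


class SuspiciousFileOperation(Exception):
    """Stand-in for django.core.exceptions.SuspiciousFileOperation."""


def validate_generated_name(name):
    """Point 3: relative paths are fine; absolute paths and dot segments are not."""
    name = str(name).replace("\\", "/")
    if not name or posixpath.isabs(name) or ntpath.isabs(name):
        raise SuspiciousFileOperation(f"Absolute or empty path: {name!r}")
    # Assumption: both "." and ".." count as dot segments.
    if any(part in (".", "..") for part in name.split("/")):
        raise SuspiciousFileOperation(f"Dot segment in path: {name!r}")
    return name


def generate_filename(upload_to, filename, instance=None):
    """Hypothetical stand-in for FileField.generate_filename()."""
    # Point 1: an absolute input path is reduced to its basename.
    if posixpath.isabs(filename):
        filename = posixpath.basename(filename)
    # upload_to is either a directory string or a callable(instance, filename).
    if callable(upload_to):
        name = upload_to(instance, filename)
    else:
        name = posixpath.join(upload_to, filename)
    # Point 2: validate what upload_to produced, not the name passed in.
    return validate_generated_name(name)


def is_rejected(upload_to, filename):
    """True when the generated name fails validation (constructed helper)."""
    try:
        generate_filename(upload_to, filename)
    except SuspiciousFileOperation:
        return True
    return False
```
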
